Security Hints & Tips: Callback Phishing

What Is Callback Phishing?

Have you ever received an email telling you to call a phone number? Calling a phone number may seem safer than clicking on a link, but that's what makes this tactic so effective. In callback phishing scams, cybercriminals send you an email about something urgent, such as a fraudulent charge or a vital software update. What makes this tactic unique is that the email includes a phone number that you are prompted to call.

What Happens If I Call?

Cybercriminals use callback phishing scams for their own malicious purposes. If you call the number in the email, cybercriminals will try to trick you into revealing your sensitive information. They may use an automated voice message that prompts you to enter sensitive information, such as your credit card number or social security number. Cybercriminals can also try to trick you into downloading malware. To do this, they’ll actually answer the phone and walk you through the process of downloading malicious files onto your device.

What Can I Do to Stay Safe?

Follow the tips below to stay safe from callback phishing scams:

  • Think before calling unknown phone numbers. Verify that a phone number is legitimate by navigating to the organization’s official website.
  • Before sharing sensitive information over the phone, ask the caller to tell you what information they have on file. If they can't prove they are legitimate, hang up.

Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions. So, always think before you call.

This article is used with permission from our partner KnowBe4.